senselab/ansible-role-nginx
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Enable gzip compression

Browse source
This commit is contained in:
phil 2023-03-11 20:52:04 +01:00
parent 5fdb1a9f7b
commit d3b3576815
4 changed files with 41 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
README.md
View file

@ -12,6 +12,9 @@ Role to install Nginx.
| `nginx_bad_client_ip` | | List of IP address to deny access | | `nginx_bad_client_ip` | | List of IP address to deny access |
| `nginx_type` | | `gateway` for a Reverse Proxy, `standalone` for a frontend webserver, `backend` for a backend webserver (behind a Reverse Proxy) | | `nginx_type` | | `gateway` for a Reverse Proxy, `standalone` for a frontend webserver, `backend` for a backend webserver (behind a Reverse Proxy) |
| `nginx_proxy_headers_hash_bucket_size` | `64` | | | `nginx_proxy_headers_hash_bucket_size` | `64` | |
| `nginx_http_version` | `1.1` | [documentation](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_http_version) |
| `nginx_gzip` | | [documentation](https://nginx.org/en/docs/http/ngx_http_gzip_module.html) |
| `nginx_gzip_types` | --> `defaults/main.yaml` | |
| `dhparam_path` | `/etc/ssl/private/dhparam.pem` | Path to dhparam file | | `dhparam_path` | `/etc/ssl/private/dhparam.pem` | Path to dhparam file |
| `dhparam_size` | `4096` | Size (in bits) of the generated DH-params | | `dhparam_size` | `4096` | Size (in bits) of the generated DH-params |

19
defaults/main.yaml
View file

@ -1,3 +1,22 @@
dhparam_path: /etc/ssl/private/dhparam.pem dhparam_path: /etc/ssl/private/dhparam.pem
bad_user_agents_url: https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/09071c4b8016f7d59b84a3f941035ce1872aaf7a/_generator_lists/bad-user-agents.list bad_user_agents_url: https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/09071c4b8016f7d59b84a3f941035ce1872aaf7a/_generator_lists/bad-user-agents.list
nginx_http_version: "1.1"
# Add a semicolon to the end of the last list item
nginx_gzip_types:
- "text/plain"
- "text/css"
- "text/xml"
- "text/javascript"
- "application/javascript"
- "application/x-javascript"
- "application/json"
- "application/xml"
- "application/xml+rss"
- "application/xhtml+xml"
- "application/x-font-ttf"
- "application/x-font-opentype"
- "image/svg+xml"
- "image/x-icon;"

19
templates/nginx.conf.j2
View file

@ -44,11 +44,28 @@ http {
error_log /var/log/nginx/error.log; error_log /var/log/nginx/error.log;
## ##
# Gzip Settings # Gzip Settings
## ##
{% if nginx_gzip is defined and nginx_gzip %}
gzip on;
{% if nginx_type == 'gateway' %}
gzip_proxied any;
{% endif %}
gzip_static on;
gzip_http_version {{ nginx_http_version }};
gzip_disable "MSIE [1-6]\.";
gzip_vary on;
gzip_comp_level 6;
gzip_types
{% for type in nginx_gzip_types %}
{{ type }}
{% endfor %}
gzip_buffers 16 8k;
gzip_min_length 512;
{% else %}
gzip off; gzip off;
{% endif %}
## ##
# Virtual Host Configs # Virtual Host Configs

2
templates/reverse_proxy.conf.j2
View file

@ -1,6 +1,6 @@
# Managed by Ansible # Managed by Ansible
proxy_http_version 1.1; proxy_http_version {{ nginx_http_version }};
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;